2022-06-24 Django 3.xから4.xへの更新でPOSTリクエスト時にCSRF検証に失敗する下書き

投稿済み

https://blog.aoirint.com/entry/2022/django_3_x_to_4_x_csrf_verification_failed/

settings.pyにCSRF_TRUSTED_ORIGINSを追加すればよい。

Origin: e.g. https://example.com

https://developer.mozilla.org/ja/docs/Glossary/Origin

CSRF検証のドキュメントを3.xと比べると、以下の記述が増えている。

CsrfViewMiddleware verifies the Origin header, if provided by the browser, against the current host and the CSRF_TRUSTED_ORIGINS setting. This provides protection against cross-subdomain attacks.

4.x: https://docs.djangoproject.com/en/4.0/ref/csrf/#how-it-works

3.x: https://docs.djangoproject.com/en/3.2/ref/csrf/#how-it-works